Data Privacy, between a rock and a hard place

How are we to handle Data Privacy? Through goodwill, as original free internet promoters would like to? Or through coercive regulation measures, as government bodies are prone to? This definitely is no easy dilemma…

The Marketing Mobile Association in France has been willing to put the question on the table, last Wednesday (Feb 12th), on the very same day when the US were having the so-called “safer internet day”. The meeting venue was more on the goodwill side, as the event has been hosted by the Mozilla Foundation in their Paris office. A nice place, by the way, see for yourself…

The discussion panel was more balanced, with Etienne Drouard attorney at K&L Gates, specialized in Privacy matters, and Geoffrey Delcroix, CNIL Innovation Director (CNIL being the French Internet Regulatory Body), as well as Hervé Le Jouan, CEO of Privowny, and Tristan Nitot, Principal Evangelist Mozilla Europe (a brilliant coffee brewer as well…), the whole thing being moderated by Bruno Perrin, Media & Entertainment Leader at EY.

Between tools to manage oneself’s privacy (see my own selection at the bottom of this post) and various comments to the Privacy Laws, the main impression that remains from this panel discussion is that handling Data Privacy is like walking on a tight rope…

Two opposite views are currently cleaving the internet:

On one side, the “libertarian” internet promoters, with their concepts based on freedom as wide as possible (net neutrality, open data, open source, etc…), whose view of privacy is linked to each person individual right to protect one’s privacy. A global “do-not-track” by default would certainly please them, especially if companies are to respect it forcefully…

On another side, at the opposite of the scope, we have the state bodies, willing to set more control on the internet, as this is something that they do not only misunderstand, but also fear; in this respect, they wish to instate regulations, privacy by design, control over content, etc…

And, in the middle, the so-called “new economy”, all these companies and people trying to make a sensible use of the internet… Not easy, mmh? What I understood very clearly from the panel discussion is that none of the extreme behaviors depicted above would give internet a chance. Setting “do-not-track” by default would simply lead companies to ignore it, and hence kill the idea. And on the other side, regulating the market by law would technically make it die, in the end. Hence, the tight rope strategy is the only one that remains, with a difficult balance between market freedom and people’s protection, between business and privacy…

So what are we left with? We can try to manage our own privacy, and ensure it does not go beyond the borders we have set. Nobody lives in a cave with no contact to the outside any more (as this would probably be the only way to fully protect one’s privacy…). But nobody wants to live constantly under the eyes of watchers, as in a personal Truman Show, especially when your information is wanted for their business… We may go on using internet, conscious that we are watched, but managing this, and knowingly give our consent wherever we believe it makes sense, blocking all other non-sollicited requests…

There are many tools to do so. Probably too many. I personally use five.

An ad-blocker: this is not a must have, but it may be useful , especially to speed up your browsing. I use AdBlock, a Chrome extension. The disadvantage of this, is that most ad-blockers do not offset the changes in the layout of the website, making it sometimes barely readable (as for instance my favorite sport page, Sport24). And do not forget that most sites earn their money thanks to the ads… So I disable it now and then, especially when visiting sites with less audience.

A user/password manager: this is highly interesting, to ensure you know what and where you have been logging in, and ensure nobody is using some of your identities without you knowing it. I am using the Privowny tool bar, a very useful add-on.

An identity verifier: this is for Twitter in particular. To avoid being followed (and spammed) by robots and fake followers, I am using TrueTwit, a simple (and not so expensive) tool to filter and verify any Twitter user. I have less followers now, but only real people…

A do-not-track option: I also use, now and then, the do-not-track feature in my browser (Chrome). This I do especially when shopping or banking online, so as to minimize the amount of cookies shared by these companies that also own very personal information of mine. I know, this is more a wishful thinking, but at least shows that I am not ready to let everything leak.

A graphical cookie tracer: I have uploadedCookieViz from the CNIL website, a free software to visualize your browsing, and the cookies that have been shared with third parties. At least, when you browse websites, including your favorite ones, you know what you are at… Below a short description of this tool (currently only available for Windows OS, soon to come for Mac and Unix).

At the bottom, from right to left, a gaming website BigPoint.com, my About.me profile and this blog’s dashboard page. In the middle, Avinash Kaushik’s blog (Occam’s Razor), showing that even the blog of a respected digital evangelist like Avinash may share third-party cookies…

The graph is, I believe, self-explanatory; the visited websites (red pentagons) are generating cookies (all blue round spots), which are kept for first-party usage (blue links) or shared with third-party (red links). To be clear, I have disabled the AdBlock to generate this graph, so as to prevent partial representation.

This tool is highly interesting in my eyes. It does not block anything, but shows you everything. At least, the user knows what happens when he/she visits a website, and may decide to go on browsing, or choose alternatives websites with a better sharing policy, especially regarding third-party cookies.